avoid small reads when there's a preferred IO size.
a discussion on port-sparc here:
https://mail-index.netbsd.org/port-sparc/2025/12/29/msg003063.html
showed that the "file type" 4-byte read was failing on tape devices
as they need a specific IO size to work.
since we already pass this 4 bytes to the real decompressor, avoid this
problem by checking if there's a st_blksize value from stat(2) and use
a buffer of that size for the first read.
rename handle_stdin() to handle_fd_decomp() and use the same backend
for stdin as well as readable non-file files (device, fifo, socket).
tested by Nobuyoshi SATO on port-sparc, atf, and a few other manual
things.
remove __packed from a bunch of ioctl structures.
i noticed a warning unrelated to an evbarm llvm build failure here, and
it turns out that we have a few things using __packed that should be
using the right types instead, or don't need __packed at all.
struct netbsd32_if_data and struct netbsd32_ksyms_gvalue use
netbsd32_uint64 now, to avoid forcing the whole-struct alignment to 8.
struct netbsd32_ifdatareq, struct netbsd32_dkwedge_list, and
struct netbsd32_disk_strategy don't need __packed at all.
structure sizes confirmed to remain the same on amd64.
Revert previous: Don't compile with -std=gnu2x. static_assert in pre 2023
environments is defined in assert.h. In 2013 assert.h was added to localtime.c
because a _DIAGASSERT was added which is no longer there. Remove assert.h since
it is no longer needed and the clang error goes away since static_assert is
no longer defined in pre-2023 environments. Thanks Paul Eggert.
miniflux: update to 2.2.16.
Security
Disallow the media proxy from fetching resources on private networks to mitigate potential SSRF issues. This behavior is configurable at the instance level.
Disallow fetching feed icons from private networks to reduce the SSRF attack surface. This is also configurable at the instance level.
Add the TRUSTED_REVERSE_PROXY_NETWORKS configuration option to prevent spoofing of HTTP headers such as X-Forwarded-For, X-Forwarded-Proto, and X-Real-Ip. This option must be configured when AUTH_PROXY_HEADER is enabled.
Stop logging generated Google Reader API tokens, even when debug mode is enabled.
Remove the CORS handler from the Google Reader API, as it is not intended to be used by web clients, reducing the overall attack surface.
Performance and Storage
Avoid indexing the content of removed entries, significantly reducing database index size after cleanup.
Minor storage and database refactoring to simplify code paths and reduce unnecessary formatting overhead.
API and Integrations
Add a new API endpoint to import entries into an existing feed.
Execute the content sanitizer when updating or importing entries through the API to ensure consistent sanitization.
[17 lines not shown]
pcsc-lite: updated to 2.4.1
2.4.1
- Add backward version support on the client side
- Add backward version support on the server side
- hotplug libudev: rescan the USB bus with "pcscd --hotplug"
- fix a value in pcscd.service systemd file
- meson: install systemd files even if libsystemd is not used
- Some other minor improvements
hackrf: updated to 2026.01.1
2026.01.1
To upgrade to this release, you must update libhackrf and hackrf-tools on your host computer. You must also update firmware on your HackRF.
Major changes in this release include:
HackRF Pro, a new hardware platform, is now supported. Initially HackRF Pro supports a legacy radio configuration mode that makes it compatible with software designed for use with HackRF One. Future releases will enable extended precision and other modes.
Improved build system and documentation, especially on Windows. Thank you, Demetri and Martin!
Added support for newer PortaPacks with AGM Microelectronics CPLDs. Thank you, Bernd!
Improved USB performance on Windows when libusb is compiled with RAW_IO support. Thank you, Martin and Jamie!
Updated libhackrf version to be more consistent with Semantic Versioning.
There have been many enhancements and bug fixes. For a full list of changes, see the git log.
nuclei: Update to 3.6.2
Changes:
v3.6.2
* Enabled TLS session caching in the client pool to improve connection
reuse and reduce handshake overhead (internal)
* Added support for providing a custom Jira server URL (`site-url`)
when using OAuth authentication
* Bug fixes
* Performance improvements
v3.6.1
* Bug fixes
gh: Update to 2.83.2
Changes:
GitHub CLI 2.83.2
* Isolate user-provided search query from contextual qualifiers
* Refactor cfg out of CAPI Client
* Remove extra flag default from help usage
* Add PGP key rotation PoC
* Add Debian/Ubuntu to unofficial packages
* Error if go-licenses is not on the PATH
* refactor: drop multierror in favor of std
GitHub CLI 2.83.1
* `gh pr edit`: Ensure empty arrays for reviewers in PR API calls
* Integrate license checks back into lint workflow
* Update third-party licenses and dependencies
